Data Protection Regulation
The National Government regulated article 25 of Law 1581/2012 (Data Protection Regulation)
Decree 886 (hereinafter the Decree) of 2014 was issued on May 13th, in order to regulate those aspects related with the National Data Base Registry (“RNBD”), establishing the minimal requirements in order to perform the registry once it is enabled.
Please note that this Decree establishes that the obligation for the data base controllers, to register the data bases, will only be enforceable once the Superintendence of Industry and Commerce (“SIC”) enables the registry, and that controllers of the data bases will have a term of one (1) year in order to register the data bases. For data bases created after the date in which the registry is enabled, the term to register will be of two (2) months starting on the date of creation of the data base.
Even though the RNBD has not been enabled yet, we highly recommend that your company performs an assessment on the data bases that you have and review all the information being handled. Also, it is important to review the purposes as to which the data was collected and that it is being handled for those purposes; evaluate the security and confidentiality protocols for data handling. In general, an assessment is recommended as to the compliance with the data protection regulation. The previous recommendations will help to make easier the registry once the RNBD is enabled.
In case you have any questions or require any further information regarding the above mentioned matters, please do not hesitate to contact us.